Search in sources :

Example 6 with ValidationErrorCode

use of org.apache.ranger.plugin.errors.ValidationErrorCode in project ranger by apache.

the class RangerServiceDefValidator method isValidConfigOfEnumType.

boolean isValidConfigOfEnumType(RangerServiceConfigDef configDef, List<RangerEnumDef> enumDefs, List<ValidationFailureDetails> failures) {
    if (LOG.isDebugEnabled()) {
        LOG.debug(String.format("==> RangerServiceDefValidator.isValidConfigOfEnumType(%s, %s, %s)", configDef, enumDefs, failures));
    }
    boolean valid = true;
    if (!"enum".equals(configDef.getType())) {
        LOG.debug("ConfigDef wasn't of enum type!");
    } else {
        Map<String, RangerEnumDef> enumDefsMap = getEnumDefMap(enumDefs);
        Set<String> enumTypes = enumDefsMap.keySet();
        String subType = configDef.getSubType();
        String configName = configDef.getName();
        if (!enumTypes.contains(subType)) {
            ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_CONFIG_DEF_UNKNOWN_ENUM;
            failures.add(new ValidationFailureDetailsBuilder().field("config def subtype").subField(configName).isSemanticallyIncorrect().errorCode(error.getErrorCode()).becauseOf(error.getMessage(subType, configName, enumTypes)).build());
            valid = false;
        } else {
            // default value check is possible only if sub-type is correctly configured
            String defaultValue = configDef.getDefaultValue();
            if (StringUtils.isNotBlank(defaultValue)) {
                RangerEnumDef enumDef = enumDefsMap.get(subType);
                Set<String> enumValues = getEnumValues(enumDef);
                if (!enumValues.contains(defaultValue)) {
                    ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_CONFIG_DEF_UNKNOWN_ENUM_VALUE;
                    failures.add(new ValidationFailureDetailsBuilder().field("config def default value").subField(configName).isSemanticallyIncorrect().errorCode(error.getErrorCode()).becauseOf(error.getMessage(defaultValue, configName, enumValues, subType)).build());
                    valid = false;
                }
            }
        }
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug(String.format("<== RangerServiceDefValidator.isValidConfigOfEnumType(%s, %s, %s): %s", configDef, enumDefs, failures, valid));
    }
    return valid;
}
Also used : RangerEnumDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerEnumDef) ValidationErrorCode(org.apache.ranger.plugin.errors.ValidationErrorCode)

Example 7 with ValidationErrorCode

use of org.apache.ranger.plugin.errors.ValidationErrorCode in project ranger by apache.

the class RangerServiceDefValidator method isValidPolicyConditions.

boolean isValidPolicyConditions(List<RangerPolicyConditionDef> policyConditions, List<ValidationFailureDetails> failures) {
    if (LOG.isDebugEnabled()) {
        LOG.debug(String.format("==> RangerServiceDefValidator.isValidPolicyConditions(%s, %s)", policyConditions, failures));
    }
    boolean valid = true;
    if (CollectionUtils.isEmpty(policyConditions)) {
        LOG.debug("Configs collection was null/empty! ok");
    } else {
        Set<Long> ids = new HashSet<>();
        Set<String> names = new HashSet<>();
        for (RangerPolicyConditionDef conditionDef : policyConditions) {
            valid = isUnique(conditionDef.getItemId(), ids, "policy condition def itemId", "policy condition defs", failures) && valid;
            String name = conditionDef.getName();
            valid = isUnique(name, names, "policy condition def name", "policy condition defs", failures) && valid;
            if (StringUtils.isBlank(conditionDef.getEvaluator())) {
                ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_POLICY_CONDITION_NULL_EVALUATOR;
                failures.add(new ValidationFailureDetailsBuilder().field("policy condition def evaluator").subField(name).isMissing().errorCode(error.getErrorCode()).becauseOf(error.getMessage(name)).build());
                valid = false;
            }
        }
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug(String.format("<== RangerServiceDefValidator.isValidPolicyConditions(%s, %s): %s", policyConditions, failures, valid));
    }
    return valid;
}
Also used : RangerPolicyConditionDef(org.apache.ranger.plugin.model.RangerServiceDef.RangerPolicyConditionDef) ValidationErrorCode(org.apache.ranger.plugin.errors.ValidationErrorCode) HashSet(java.util.HashSet)

Example 8 with ValidationErrorCode

use of org.apache.ranger.plugin.errors.ValidationErrorCode in project ranger by apache.

the class RangerServiceValidator method isValid.

boolean isValid(Long id, Action action, List<ValidationFailureDetails> failures) {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> RangerServiceValidator.isValid(" + id + ")");
    }
    boolean valid = true;
    if (action != Action.DELETE) {
        ValidationErrorCode error = ValidationErrorCode.SERVICE_VALIDATION_ERR_UNSUPPORTED_ACTION;
        failures.add(new ValidationFailureDetailsBuilder().isAnInternalError().errorCode(error.getErrorCode()).becauseOf(error.getMessage(action)).build());
        valid = false;
    } else if (id == null) {
        ValidationErrorCode error = ValidationErrorCode.SERVICE_VALIDATION_ERR_MISSING_FIELD;
        failures.add(new ValidationFailureDetailsBuilder().field("id").isMissing().errorCode(error.getErrorCode()).becauseOf(error.getMessage(id)).build());
        valid = false;
    } else if (getService(id) == null) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("No service found for id[" + id + "]! ok!");
        }
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("<== RangerServiceValidator.isValid(" + id + "): " + valid);
    }
    return valid;
}
Also used : ValidationErrorCode(org.apache.ranger.plugin.errors.ValidationErrorCode)

Example 9 with ValidationErrorCode

use of org.apache.ranger.plugin.errors.ValidationErrorCode in project ranger by apache.

the class RangerServiceValidator method isValid.

boolean isValid(RangerService service, Action action, List<ValidationFailureDetails> failures) {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> RangerServiceValidator.isValid(" + service + ")");
    }
    if (!(action == Action.CREATE || action == Action.UPDATE)) {
        throw new IllegalArgumentException("isValid(RangerService, ...) is only supported for CREATE/UPDATE");
    }
    boolean valid = true;
    if (service == null) {
        ValidationErrorCode error = ValidationErrorCode.SERVICE_VALIDATION_ERR_NULL_SERVICE_OBJECT;
        failures.add(new ValidationFailureDetailsBuilder().field("service").isMissing().errorCode(error.getErrorCode()).becauseOf(error.getMessage()).build());
        valid = false;
    } else {
        Long id = service.getId();
        if (action == Action.UPDATE) {
            // id is ignored for CREATE
            if (id == null) {
                ValidationErrorCode error = ValidationErrorCode.SERVICE_VALIDATION_ERR_EMPTY_SERVICE_ID;
                failures.add(new ValidationFailureDetailsBuilder().field("id").isMissing().errorCode(error.getErrorCode()).becauseOf(error.getMessage()).build());
                valid = false;
            } else if (getService(id) == null) {
                ValidationErrorCode error = ValidationErrorCode.SERVICE_VALIDATION_ERR_INVALID_SERVICE_ID;
                failures.add(new ValidationFailureDetailsBuilder().field("id").isSemanticallyIncorrect().errorCode(error.getErrorCode()).becauseOf(error.getMessage(id)).build());
                valid = false;
            }
        }
        String name = service.getName();
        boolean nameSpecified = StringUtils.isNotBlank(name);
        RangerServiceDef serviceDef = null;
        if (!nameSpecified) {
            ValidationErrorCode error = ValidationErrorCode.SERVICE_VALIDATION_ERR_INVALID_SERVICE_NAME;
            failures.add(new ValidationFailureDetailsBuilder().field("name").isMissing().errorCode(error.getErrorCode()).becauseOf(error.getMessage(name)).build());
            valid = false;
        } else {
            RangerService otherService = getService(name);
            if (otherService != null && action == Action.CREATE) {
                ValidationErrorCode error = ValidationErrorCode.SERVICE_VALIDATION_ERR_SERVICE_NAME_CONFICT;
                failures.add(new ValidationFailureDetailsBuilder().field("name").isSemanticallyIncorrect().errorCode(error.getErrorCode()).becauseOf(error.getMessage(name)).build());
                valid = false;
            } else if (otherService != null && otherService.getId() != null && !otherService.getId().equals(id)) {
                ValidationErrorCode error = ValidationErrorCode.SERVICE_VALIDATION_ERR_ID_NAME_CONFLICT;
                failures.add(new ValidationFailureDetailsBuilder().field("id/name").isSemanticallyIncorrect().errorCode(error.getErrorCode()).becauseOf(error.getMessage(name, otherService.getId())).build());
                valid = false;
            }
        }
        String type = service.getType();
        boolean typeSpecified = StringUtils.isNotBlank(type);
        if (!typeSpecified) {
            ValidationErrorCode error = ValidationErrorCode.SERVICE_VALIDATION_ERR_MISSING_SERVICE_DEF;
            failures.add(new ValidationFailureDetailsBuilder().field("type").isMissing().errorCode(error.getErrorCode()).becauseOf(error.getMessage(type)).build());
            valid = false;
        } else {
            serviceDef = getServiceDef(type);
            if (serviceDef == null) {
                ValidationErrorCode error = ValidationErrorCode.SERVICE_VALIDATION_ERR_INVALID_SERVICE_DEF;
                failures.add(new ValidationFailureDetailsBuilder().field("type").isSemanticallyIncorrect().errorCode(error.getErrorCode()).becauseOf(error.getMessage(type)).build());
                valid = false;
            }
        }
        if (nameSpecified && serviceDef != null) {
            // check if required parameters were specified
            Set<String> reqiredParameters = getRequiredParameters(serviceDef);
            Set<String> inputParameters = getServiceConfigParameters(service);
            Set<String> missingParameters = Sets.difference(reqiredParameters, inputParameters);
            if (!missingParameters.isEmpty()) {
                ValidationErrorCode error = ValidationErrorCode.SERVICE_VALIDATION_ERR_REQUIRED_PARM_MISSING;
                failures.add(new ValidationFailureDetailsBuilder().field("configuration").subField(// we return any one parameter!
                missingParameters.iterator().next()).isMissing().errorCode(error.getErrorCode()).becauseOf(error.getMessage(missingParameters)).build());
                valid = false;
            }
        }
        String tagServiceName = service.getTagService();
        if (StringUtils.isNotBlank(tagServiceName) && StringUtils.equals(type, EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_TAG_NAME)) {
            failures.add(new ValidationFailureDetailsBuilder().field("tag_service").isSemanticallyIncorrect().becauseOf("tag service cannot be part of any other service").build());
            valid = false;
        }
        boolean needToEnsureServiceType = false;
        if (action == Action.UPDATE) {
            RangerService otherService = getService(name);
            String otherTagServiceName = otherService == null ? null : otherService.getTagService();
            if (StringUtils.isNotBlank(tagServiceName)) {
                if (!StringUtils.equals(tagServiceName, otherTagServiceName)) {
                    needToEnsureServiceType = true;
                }
            }
        } else {
            // action == Action.CREATE
            if (StringUtils.isNotBlank(tagServiceName)) {
                needToEnsureServiceType = true;
            }
        }
        if (needToEnsureServiceType) {
            RangerService maybeTagService = getService(tagServiceName);
            if (maybeTagService == null || !StringUtils.equals(maybeTagService.getType(), EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_TAG_NAME)) {
                failures.add(new ValidationFailureDetailsBuilder().field("tag_service").isSemanticallyIncorrect().becauseOf("tag service name does not refer to existing tag service:" + tagServiceName).build());
                valid = false;
            }
        }
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("<== RangerServiceValidator.isValid(" + service + "): " + valid);
    }
    return valid;
}
Also used : RangerServiceDef(org.apache.ranger.plugin.model.RangerServiceDef) RangerService(org.apache.ranger.plugin.model.RangerService) ValidationErrorCode(org.apache.ranger.plugin.errors.ValidationErrorCode)

Example 10 with ValidationErrorCode

use of org.apache.ranger.plugin.errors.ValidationErrorCode in project ranger by apache.

the class RangerPolicyValidator method isValidItemAccesses.

boolean isValidItemAccesses(List<RangerPolicyItemAccess> accesses, List<ValidationFailureDetails> failures, RangerServiceDef serviceDef) {
    if (LOG.isDebugEnabled()) {
        LOG.debug(String.format("==> RangerPolicyValidator.isValid(%s, %s, %s)", accesses, failures, serviceDef));
    }
    boolean valid = true;
    if (CollectionUtils.isEmpty(accesses)) {
        LOG.debug("policy item accesses collection was null/empty!");
    } else {
        Set<String> accessTypes = getAccessTypes(serviceDef);
        for (RangerPolicyItemAccess access : accesses) {
            if (access == null) {
                ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_NULL_POLICY_ITEM_ACCESS;
                failures.add(new ValidationFailureDetailsBuilder().field("policy item access").isMissing().becauseOf(error.getMessage()).errorCode(error.getErrorCode()).build());
                valid = false;
            } else {
                // we want to go through all elements even though one may be bad so all failures are captured
                valid = isValidPolicyItemAccess(access, failures, accessTypes) && valid;
            }
        }
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug(String.format("<== RangerPolicyValidator.isValid(%s, %s, %s): %b", accesses, failures, serviceDef, valid));
    }
    return valid;
}
Also used : RangerPolicyItemAccess(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess) ValidationErrorCode(org.apache.ranger.plugin.errors.ValidationErrorCode)

Aggregations

ValidationErrorCode (org.apache.ranger.plugin.errors.ValidationErrorCode)25 HashSet (java.util.HashSet)6 RangerServiceDef (org.apache.ranger.plugin.model.RangerServiceDef)3 RangerEnumDef (org.apache.ranger.plugin.model.RangerServiceDef.RangerEnumDef)3 RangerResourceDef (org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef)3 ArrayList (java.util.ArrayList)2 RangerPolicy (org.apache.ranger.plugin.model.RangerPolicy)2 RangerPolicyItemAccess (org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess)2 RangerPolicyResource (org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource)2 RangerService (org.apache.ranger.plugin.model.RangerService)2 RangerAccessTypeDef (org.apache.ranger.plugin.model.RangerServiceDef.RangerAccessTypeDef)2 List (java.util.List)1 RangerDataMaskPolicyItem (org.apache.ranger.plugin.model.RangerPolicy.RangerDataMaskPolicyItem)1 RangerPolicyItem (org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem)1 RangerRowFilterPolicyItem (org.apache.ranger.plugin.model.RangerPolicy.RangerRowFilterPolicyItem)1 RangerPolicyResourceSignature (org.apache.ranger.plugin.model.RangerPolicyResourceSignature)1 RangerEnumElementDef (org.apache.ranger.plugin.model.RangerServiceDef.RangerEnumElementDef)1 RangerPolicyConditionDef (org.apache.ranger.plugin.model.RangerServiceDef.RangerPolicyConditionDef)1